1. Statement of the Technical Field
The present invention relates to collaborative computing, and more particularly to access control for members of a collaborative community.
2. Description of the Related Art
The rapid development of the Internet has led to advanced modes of communication and collaboration. Using the Internet as a backbone, individuals worldwide can converge in cyberspace to share ideas, documents and images in a manner not previously possible through conventional telephony and video conferencing. To facilitate collaboration over the Internet, a substantial collection of technologies and protocols have been assembled to effectively deliver audio, video and data over the single data communications medium of the Internet. These technologies include document libraries, instant messaging, chat rooms, and application sharing.
Conventional collaborative computing includes combinations of collaborative technologies in order to provide a means for members of a collaborative community to pool their strengths and experiences to achieve a common goal. For instance, a common goal can include an educational objective, the completion of a software development project or even the creation and use of a system to manage human resources. A collaborative computing community generally can be defined by (1) a particular context, i.e. the objective of the environment, (2) membership, i.e., the participants in the environment, (3) a set of roles for the members, and (4) resources and tools which can be accessed by the membership in furtherance of the objective of the environment. Roles are names given to the people in the environment which dictate access to the resources and tools within the environment as well as define the behavior of the community members.
In the traditional membership model for a collaborative application, access control lists include the names of members in the collaborative application. In one type of collaborative environment, a collaborative space or “place” can be established to include one or more “rooms”. Each room can have an access control list (ACL) which is a subset of a parent rooms ACL which ultimately is a subset of the ACL for the place. Consequently, the ACL can be the same as a list of all members for the place. As such, as the membership list grows, so too will the ACL grow. Yet, in many collaborative computing environments—particularly those environments dependant upon an underlying database management system, the ACL can be space limited to conserve computing resources in the database management system.
By virtue of the tight coupling between the membership list and the ACL, managing the ACL can be complicated, especially where a place is defined by several nested levels of rooms associated with different members having different rights within the rooms. Whenever a user entry is to change in the underlying database management system, the change also must be reflected in each ACL throughout a place. As a result, a simple modification or deletion of a name from a membership directory can have far reaching consequences through the place as each ACL must be programmatically modified to incorporate the change. Of course, the programmatic harmonization of multiple ACLs in a place with a membership directory can be resource consumptive to say the least.